S-95995 support e2e https (#212)
* S-95995 support e2e https

* S-95995 update documentation for new env vars

---------

Co-authored-by: Vedran Pugar <vedran.pugar@digital.ai>
vpugar-digital and Vedran Pugar authored Dec 29, 2023
1 parent 6a8f2b5 commit e0c2253
Showing 5 changed files with 207 additions and 5 deletions.
33 changes: 33 additions & 0 deletions documentation/docs/manual/environment-variables.md
Expand Up @@ -116,6 +116,39 @@ sidebar_position: 1
- possible values: "true","false"
- default value: "false"

##### `APP_CONTEXT_ROOT`
- Context root for the application server.
- possible values: any string, it needs to start with /
- default value: /
- example: /release or /deploy

##### `SSL`
- Set to true to enable the HTTP SSL setup for the application server. If it is true you need to set other env variables: HTTP_SSL_KEYSTORE_PATH, HTTP_SSL_KEYSTORE_PASSWORD, HTTP_SSL_KEYSTORE_KEYPASSWORD and HTTP_SSL_KEYSTORE_TYPE.
- possible values: "true","false"
- default value: false
- example: true or false

##### `HTTP_SSL_KEYSTORE_PATH`
- Path in the container where the HTTP SSL keystore will be stored. The keystore will contain the key that will be used for the HTTP SSL traffic. The file needs to be readable by appplication process. The keystore needs to be encoded according to type set in the HTTP_SSL_KEYSTORE_TYPE. The keystore is protected with password set in the HTTP_SSL_KEYSTORE_PASSWORD and key is protected with password set in the HTTP_SSL_KEYSTORE_KEYPASSWORD.
- possible values: absolute path to the keystore file
- default value: none
- example: /opt/xebialabs/xl-release/conf/app-keystore.pkcs12

##### `HTTP_SSL_KEYSTORE_PASSWORD`
- The password that was set for the keystore under path: HTTP_SSL_KEYSTORE_PATH
- possible values: any string
- default value: none

##### `HTTP_SSL_KEYSTORE_KEYPASSWORD`
- The password that was set for the key in the keystore under path: HTTP_SSL_KEYSTORE_PATH
- possible values: any string
- default value: none

##### `HTTP_SSL_KEYSTORE_TYPE`
- Type of the keystore file.
- possible values: pkcs12 or jks
- default value: pkcs12

### Specific for XLRelease docker images:-

##### `APP_PORT`
Expand Up @@ -6,8 +6,8 @@ http.bind.address=0.0.0.0
http.context.root=${APP_CONTEXT_ROOT}
http.port=${APP_PORT}
repository.keystore.password=${REPOSITORY_KEYSTORE_PASSPHRASE}
ssl.mutual=${SSL}
ssl=false
ssl.mutual=false
ssl=${SSL}
threads.max=150
threads.min=30
xl.spring.cloud.enabled=true
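Review bot: `ssl.mutual` is now the literal `false` instead of following `${SSL}`, so, assuming the second `ssl.mutual`/`ssl` pair printed here is the new side, a deployment that already sets SSL=true no longer asks for mutual TLS and gets server-only TLS without any notice. Whether the old value had an effect while `ssl=false` was fixed cannot be told from this page, but the change in meaning of the SSL variable deserves a line in the upgrade notes. If client-certificate authentication is still meant to be available it needs its own switch, for example `ssl.mutual=${SSL_MUTUAL}` with a documented default of false (the variable name is a suggestion, not something this commit defines).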
62 changes: 61 additions & 1 deletion templates/resources/includes/deploy-task-engine-run-script.j2
Expand Up @@ -127,6 +127,23 @@ if [ ! -f "${APP_HOME}/conf/{{ boot_conf }}" ]; then
-e "s#\${APP_CONTEXT_ROOT}#${APP_CONTEXT_ROOT}#g" \
${APP_HOME}/default-conf/{{ boot_conf }}.template > ${APP_HOME}/conf/{{ boot_conf }}

if [ -n "$HTTP_SSL_KEYSTORE_PATH" ]; then
echo "Setting SSL keystore path with HTTP_SSL_KEYSTORE_PATH property"
echo -e "\nkeystore.path=${HTTP_SSL_KEYSTORE_PATH}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi
if [ -n "$HTTP_SSL_KEYSTORE_PASSWORD" ]; then
echo "Setting SSL keystore password with HTTP_SSL_KEYSTORE_PASSWORD property"
echo -e "\nkeystore.password=${HTTP_SSL_KEYSTORE_PASSWORD}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi
if [ -n "$HTTP_SSL_KEYSTORE_KEYPASSWORD" ]; then
echo "Setting SSL keystore key password with HTTP_SSL_KEYSTORE_KEYPASSWORD property"
echo -e "\nkeystore.keypassword=${HTTP_SSL_KEYSTORE_KEYPASSWORD}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi
if [ -n "$HTTP_SSL_KEYSTORE_TYPE" ]; then
echo "Setting SSL keystore type with HTTP_SSL_KEYSTORE_TYPE property"
echo -e "\nkeystore.type=${HTTP_SSL_KEYSTORE_TYPE}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi

echo "Done"
fi
else
Expand Down Expand Up @@ -174,17 +191,60 @@ else
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi
echo "Updating server port, context root and cloud enabled properties"

if [[ "${HTTP_SSL_KEYSTORE_PATH}" != "" ]]; then
if ! grep -q keystore.path ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.path with HTTP_SSL_KEYSTORE_PATH property"
{
echo ""
echo keystore.path=${HTTP_SSL_KEYSTORE_PATH}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

if [[ "${HTTP_SSL_KEYSTORE_PASSWORD}" != "" ]]; then
if ! grep -q keystore.password ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.password with HTTP_SSL_KEYSTORE_PASSWORD property"
{
echo ""
echo keystore.password=${HTTP_SSL_KEYSTORE_PASSWORD}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

if [[ "${HTTP_SSL_KEYSTORE_KEYPASSWORD}" != "" ]]; then
if ! grep -q keystore.keypassword ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.keypassword with HTTP_SSL_KEYSTORE_KEYPASSWORD property"
{
echo ""
echo keystore.keypassword=${HTTP_SSL_KEYSTORE_KEYPASSWORD}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

if [[ "${HTTP_SSL_KEYSTORE_TYPE}" != "" ]]; then
if ! grep -q keystore.type ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.type with HTTP_SSL_KEYSTORE_TYPE property"
{
echo ""
echo keystore.type=${HTTP_SSL_KEYSTORE_TYPE}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

echo "Updating server port, context root, ssl, and cloud enabled properties"
grep "server.port=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#server.port\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
grep "xl.spring.cloud.enabled=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#xl.spring.cloud.enabled\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
grep "http.port=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#http.port\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
grep "http.context.root=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#http.context.root\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
grep "ssl=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#ssl\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
{
echo ""
echo server.port=${SERVER_PORT}
echo xl.spring.cloud.enabled=true
echo http.port=${APP_PORT}
echo http.context.root=${APP_CONTEXT_ROOT}
echo ssl=${SSL}
} >> ${APP_HOME}/conf/{{ boot_conf }}

sed -i '/^$/d' ${APP_HOME}/conf/{{ boot_conf }}
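Review bot: The existence checks in the else branch are unanchored, so `grep -q keystore.password` also matches a `repository.keystore.password=` line (the boot conf template shown earlier on this page has one) and the HTTP keystore password is then never written; `keystore.path` and `keystore.type` can be shadowed the same way by any longer key. Anchor the key and escape the dots, e.g. `grep -q '^keystore\.password=' "${APP_HOME}/conf/{{ boot_conf }}"`. The same checks are repeated in xl-deploy-run-script.j2 and xl-release-run-script.j2. Because a key that is already present is left untouched, a rotated HTTP_SSL_KEYSTORE_PASSWORD never reaches an existing conf file either; if that is intended it should be stated in a comment. The enclosing if/else starts and ends outside the hunks shown.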
62 changes: 61 additions & 1 deletion templates/resources/includes/xl-deploy-run-script.j2
Expand Up @@ -151,6 +151,23 @@ if [ ! -f "${APP_HOME}/conf/{{ boot_conf }}" ]; then
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi

if [ -n "$HTTP_SSL_KEYSTORE_PATH" ]; then
echo "Setting SSL keystore path with HTTP_SSL_KEYSTORE_PATH property"
echo -e "\nkeystore.path=${HTTP_SSL_KEYSTORE_PATH}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi
if [ -n "$HTTP_SSL_KEYSTORE_PASSWORD" ]; then
echo "Setting SSL keystore password with HTTP_SSL_KEYSTORE_PASSWORD property"
echo -e "\nkeystore.password=${HTTP_SSL_KEYSTORE_PASSWORD}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi
if [ -n "$HTTP_SSL_KEYSTORE_KEYPASSWORD" ]; then
echo "Setting SSL keystore key password with HTTP_SSL_KEYSTORE_KEYPASSWORD property"
echo -e "\nkeystore.keypassword=${HTTP_SSL_KEYSTORE_KEYPASSWORD}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi
if [ -n "$HTTP_SSL_KEYSTORE_TYPE" ]; then
echo "Setting SSL keystore type with HTTP_SSL_KEYSTORE_TYPE property"
echo -e "\nkeystore.type=${HTTP_SSL_KEYSTORE_TYPE}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi

echo "Done"
fi
else
Expand Down Expand Up @@ -225,17 +242,60 @@ else
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi
echo "Updating http port, context root, server port, and cloud enabled properties"

if [[ "${HTTP_SSL_KEYSTORE_PATH}" != "" ]]; then
if ! grep -q keystore.path ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.path with HTTP_SSL_KEYSTORE_PATH property"
{
echo ""
echo keystore.path=${HTTP_SSL_KEYSTORE_PATH}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

if [[ "${HTTP_SSL_KEYSTORE_PASSWORD}" != "" ]]; then
if ! grep -q keystore.password ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.password with HTTP_SSL_KEYSTORE_PASSWORD property"
{
echo ""
echo keystore.password=${HTTP_SSL_KEYSTORE_PASSWORD}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

if [[ "${HTTP_SSL_KEYSTORE_KEYPASSWORD}" != "" ]]; then
if ! grep -q keystore.keypassword ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.keypassword with HTTP_SSL_KEYSTORE_KEYPASSWORD property"
{
echo ""
echo keystore.keypassword=${HTTP_SSL_KEYSTORE_KEYPASSWORD}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

if [[ "${HTTP_SSL_KEYSTORE_TYPE}" != "" ]]; then
if ! grep -q keystore.type ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.type with HTTP_SSL_KEYSTORE_TYPE property"
{
echo ""
echo keystore.type=${HTTP_SSL_KEYSTORE_TYPE}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

echo "Updating http port, context root, server port, ssl, and cloud enabled properties"
grep "server.port=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#server.port\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
grep "xl.spring.cloud.enabled=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#xl.spring.cloud.enabled\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
grep "http.port=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#http.port\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
grep "http.context.root=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#http.context.root\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
grep "ssl=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#ssl\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
{
echo ""
echo server.port=${SERVER_PORT}
echo xl.spring.cloud.enabled=true
echo http.port=${APP_PORT}
echo http.context.root=${APP_CONTEXT_ROOT}
echo ssl=${SSL}
} >> ${APP_HOME}/conf/{{ boot_conf }}

sed -i '/^$/d' ${APP_HOME}/conf/{{ boot_conf }}
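Review bot: The keystore passwords are written with `echo -e "\nkeystore.password=${HTTP_SSL_KEYSTORE_PASSWORD}"` in the first-boot branch and with an unquoted `echo keystore.password=${HTTP_SSL_KEYSTORE_PASSWORD}` in the else branch, so a password containing a backslash sequence, a `*`, or repeated spaces is altered before it reaches the conf file and the keystore then fails to open. `printf '\nkeystore.password=%s\n' "${HTTP_SSL_KEYSTORE_PASSWORD}" >> "${APP_HOME}/conf/{{ boot_conf }}"` writes the value verbatim; the same applies to the keypassword, path and type lines here and in the other two run scripts. The conf file now holds both passwords in clear text, so it is worth confirming that its mode restricts reading to the application user.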
51 changes: 50 additions & 1 deletion templates/resources/includes/xl-release-run-script.j2
Expand Up @@ -101,27 +101,76 @@ if [ ! -f "${APP_HOME}/conf/{{ boot_conf }}" ]; then
fi

if [ -n "$HTTP_SSL_KEYSTORE_PATH" ]; then
echo "Setting SSL keystore path with HTTP_SSL_KEYSTORE_PATH property"
echo -e "\nkeystore.path=${HTTP_SSL_KEYSTORE_PATH}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi
if [ -n "$HTTP_SSL_KEYSTORE_PASSWORD" ]; then
echo "Setting SSL keystore password with HTTP_SSL_KEYSTORE_PASSWORD property"
echo -e "\nkeystore.password=${HTTP_SSL_KEYSTORE_PASSWORD}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi
if [ -n "$HTTP_SSL_KEYSTORE_KEYPASSWORD" ]; then
echo "Setting SSL keystore key password with HTTP_SSL_KEYSTORE_KEYPASSWORD property"
echo -e "\nkeystore.keypassword=${HTTP_SSL_KEYSTORE_KEYPASSWORD}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi
if [ -n "$HTTP_SSL_KEYSTORE_TYPE" ]; then
echo "Setting SSL keystore type with HTTP_SSL_KEYSTORE_TYPE property"
echo -e "\nkeystore.type=${HTTP_SSL_KEYSTORE_TYPE}" >> ${APP_HOME}/conf/{{ boot_conf }}
fi

echo "Done"
fi
else
echo "Found ${APP_HOME}/conf/{{ boot_conf }} file. Processing it for new properties"

echo "Updating http port and context root properties"
if [[ "${HTTP_SSL_KEYSTORE_PATH}" != "" ]]; then
if ! grep -q keystore.path ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.path with HTTP_SSL_KEYSTORE_PATH property"
{
echo ""
echo keystore.path=${HTTP_SSL_KEYSTORE_PATH}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

if [[ "${HTTP_SSL_KEYSTORE_PASSWORD}" != "" ]]; then
if ! grep -q keystore.password ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.password with HTTP_SSL_KEYSTORE_PASSWORD property"
{
echo ""
echo keystore.password=${HTTP_SSL_KEYSTORE_PASSWORD}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

if [[ "${HTTP_SSL_KEYSTORE_KEYPASSWORD}" != "" ]]; then
if ! grep -q keystore.keypassword ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.keypassword with HTTP_SSL_KEYSTORE_KEYPASSWORD property"
{
echo ""
echo keystore.keypassword=${HTTP_SSL_KEYSTORE_KEYPASSWORD}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

if [[ "${HTTP_SSL_KEYSTORE_TYPE}" != "" ]]; then
if ! grep -q keystore.type ${APP_HOME}/conf/{{ boot_conf }}; then
echo "Updating keystore.type with HTTP_SSL_KEYSTORE_TYPE property"
{
echo ""
echo keystore.type=${HTTP_SSL_KEYSTORE_TYPE}
} >> ${APP_HOME}/conf/{{ boot_conf }}
fi
fi

echo "Updating http port, context root, and ssl properties"
grep "http.port=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#http.port\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
grep "http.context.root=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#http.context.root\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
grep "ssl=" ${APP_HOME}/conf/{{ boot_conf }} && sed -i "s#ssl\=.*##" ${APP_HOME}/conf/{{ boot_conf }}
{
echo ""
echo http.port=${APP_PORT}
echo http.context.root=${APP_CONTEXT_ROOT}
echo ssl=${SSL}
} >> ${APP_HOME}/conf/{{ boot_conf }}

sed -i '/^$/d' ${APP_HOME}/conf/{{ boot_conf }}
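Review bot: Nothing in these hunks checks that the keystore variables are present when SSL is true, although the documentation added in this commit says they are required; `ssl=${SSL}` is written regardless, and with SSL unset the line becomes `ssl=`. A guard before the conf is touched would fail fast, e.g. `if [ "${SSL}" = "true" ] && [ -z "${HTTP_SSL_KEYSTORE_PATH}" ]; then echo "SSL=true requires HTTP_SSL_KEYSTORE_PATH" >&2; exit 1; fi`, and `echo "ssl=${SSL:-false}"` would keep the documented default. Whether a default for SSL is set elsewhere, for example in the image definition, is not visible here. The same applies to the deploy and task-engine run scripts.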